Wearyman

Losing my hair and losing my mind in Western New York

Friday, August 19, 2005

Privacy, Lies and Videogames.

Sony Online Entertainment's "Planetside" is my all time favorite game. I started playing back in open beta, and other than a short misguided stint in the ill fated "Earth and Beyond" I have played it continuously since then. Occasionally life forces upon me the necessity to take a break, and I am just coming off one and getting back into the game after about a month's hiatus. I return to find, to my revulsion, advertisements have been inserted into my beloved Planetside! The link in the title has the short version of the announcement, here's a quote:

"An In Game advertisement system has been added through billboard style ads that are streamed by Massive Incorporated."


After reading up a bit on the Planetside web forums, I found that they are ads for drink products (Fanta, Coca-Cola), movies, and T.V. programs. At least so far, the adverts seem to be relatively innocuous.

However, not being one who can let well enough alone, I decided to find out a bit more about the adverts and Massive, the company whose code is handling the ad process. What I found shocked and upset me. Not only are Massive and SOE placing ads into the game, they are collecting data and statistics on those ads, and the software they load into your system does the collecting and reporting for them.

"What kind of data" you say? Well I'm glad you asked. According to research data obtained by two investigators (I will go over their report in more detail later), the software collects data on which ads you viewed, how many times you viewed them, how long you viewed them, from what angle you viewed them and from what distance. All this data is then sent back to Massive's servers when you close out the game, and used to hit you with more ads tailored to your personal viewing preferences.

Now, if this type of thing sounds familiar, it's because you have heard of it before. It's called Spyware. That's right, SOE has just put spyware into Planetside!

Now, I realize that this is a pretty serious accusation, so before you pop off and send me an e-mail telling me what an idiot I am and to put my tinfoil hat away, please read on...

Initially I suspected that SOE was simply adding static ads into the play areas and the ads were changed on a rotating basis. However I soon realized that something more was afoot. My first clue was one of the other players posting on the planetside message boards about how he blocked the ads from showing up. The method he used employed the hosts file on his PC, a method that would be ineffective and completely unnecessary if the ads were static content delivered as part of the Planetside world textures.

I then decided to do a bit of investigation on my own. After googling around a bit for information on Massive, I came across several pieces of interesting information. First of all, I naturally ran across Massive's website. As you can see, they have a large and growing customer base. This is despite only having been around for a very short time. The hunger to spam gamers with ads while in-game is apparently rather large.

I then came across an entry in the forums over at broadbandreports.com. This entry also mentions the same method for blocking Massive's adstream that was posted (and deleted by mods) over at the Planetside forums. Again, this implies quite a bit more than simple static delivery of ad content, as does the information available over at Massive's website. Specifically, this line from a PR newswire story is particularly telling:

"The Massive AdClient SDK integrates into video game engines at the development stage and handles all connections and communications with Massive's AdServer, allowing the game to dynamically download advertising, contextually into the game".

Now, I'm no programmer, but that sounds an awful lot like third party software being attached to the game and loaded up into my machine.

Ok, so we now know that something is being loaded up into our machines. But what? More importantly, what does it do? This is what guided my next set of searches. What I found would send chills through anyone even mildly privacy minded.

Two intelligent game players had run into Massive's advertising on another game, SWAT4. Intrigued and concerned about the annoyance of adverts invading their game, they performed some in-depth investigation of their own, and posted their results online.

They go into great detail on all that they discovered during their investigation, including quite a bit on exactly what the Massive AdClient does. What really startled me was the following section in their online data:

"The client contacted madserver to tell the advertisers how long the gamer spent with each advert in their view. This is mapped to the gamer id, so they know which player in the game saw the advert, and when, for how long, and from how far away (by virtue of the size attribute). Even the average viewing angle is passed back".


This is startling. Apparently the AdClient doesn't just collect generic statistics on which ads were seen and for how long (which is very invasive as it is) but it is tied directly to a unique "gamer id". Below is an excerpt from the code posted at the aforementioned website which shows an example of this id:


<closeSessionRequest sig="eea7756a7fd93649ec8f4898ce9a0303">
<sessionId>5244540</sessionId>
<gamerId>5097365</gamerId>
<timestamp>1120348101661</timestamp>
</closeSessionRequest>

As you can see, there is a unique number generated for use as a gamer id and this is sent back to Massive's servers along with a session Id and a timestamp. Unfortunately I was unable to determine with certainty if the gamer Id is always the same, as it is not stated on the researcher's website, and I was unable to reach the authors for comment by promised post time. I will update this article as necessary if I receive any response to my queries.

Update: I recently received confirmation from the original researchers that yes, the Gamer ID is always the same, so this confirms that trackable information is indeed generated by the Massive AdClient.

This leaves us a few questions. Why the need for a gamer Id, and what is it used for? It doesn't take much pondering to conclude that the gamer Id is used for tracking individual gamers and their ad-viewing preferences, as opposed to simply tracking the general ad viewing preferences of a given game population. If the data gathered was simply to be aggregated into a large data pool with no unique Id other than which game was played, there would be no need whatsoever for the gamer Id function.
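The linkage argued above, as an added example that is not part of the original post or of the researchers' published data: a short Python script that parses several closeSessionRequest messages and groups them by gamerId, showing how a stable id turns separate sessions into one timeline per player. The first message is the one quoted in the post; the other three (their sig, sessionId, gamerId and timestamp values) are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

MESSAGES = [
    # Constructed: a later session from the same gamerId as the quoted message.
    '<closeSessionRequest sig="CONSTRUCTED"><sessionId>5260002</sessionId>'
    '<gamerId>5097365</gamerId><timestamp>1120607301661</timestamp>'
    '</closeSessionRequest>',
    # The message quoted in the post.
    '<closeSessionRequest sig="eea7756a7fd93649ec8f4898ce9a0303">'
    '<sessionId>5244540</sessionId><gamerId>5097365</gamerId>'
    '<timestamp>1120348101661</timestamp></closeSessionRequest>',
    # Constructed: a different gamerId.
    '<closeSessionRequest sig="CONSTRUCTED"><sessionId>5249999</sessionId>'
    '<gamerId>6000001</gamerId><timestamp>1120400000000</timestamp>'
    '</closeSessionRequest>',
    # Constructed: same gamerId as the quoted message, one day later.
    '<closeSessionRequest sig="CONSTRUCTED"><sessionId>5250001</sessionId>'
    '<gamerId>5097365</gamerId><timestamp>1120434501661</timestamp>'
    '</closeSessionRequest>',
]


def parse_close_session(xml_text):
    """Extract session id, gamer id and close time from one message."""
    root = ET.fromstring(xml_text)
    if root.tag != "closeSessionRequest":
        raise ValueError("unexpected message type: " + root.tag)
    # The timestamp is milliseconds since the Unix epoch.
    closed = EPOCH + timedelta(milliseconds=int(root.findtext("timestamp")))
    return {
        "session_id": root.findtext("sessionId"),
        "gamer_id": root.findtext("gamerId"),
        "closed_at": closed,
    }


def link_sessions(messages):
    """Group sessions by gamerId; each group is one player's timeline."""
    by_gamer = defaultdict(list)
    for msg in messages:
        rec = parse_close_session(msg)
        by_gamer[rec["gamer_id"]].append(rec)
    profiles = {}
    for gamer_id, recs in by_gamer.items():
        recs.sort(key=lambda r: r["closed_at"])
        profiles[gamer_id] = {
            "sessions": [r["session_id"] for r in recs],
            "first_seen": recs[0]["closed_at"],
            "last_seen": recs[-1]["closed_at"],
            "span": recs[-1]["closed_at"] - recs[0]["closed_at"],
        }
    return profiles


if __name__ == "__main__":
    for gamer_id, p in link_sessions(MESSAGES).items():
        print(gamer_id, p["sessions"], "observed over", p["span"])
```

The sessionId changes on every message, so it links nothing by itself; the gamerId is the only field that joins the records.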

This raises other serious privacy concerns. If the gamer Id is indeed unique to each player (and there really is no reason to assume otherwise) then it is a very short leap of logic to the possibility of tying that unique gamer Id to your game login (in SOE's case, your Station Id), and from there to your billing information and thus your personally identifiable information.

So there it is. SOE and Massive collecting potentially personally identifiable information on all their users, for use in hitting them with ads to provide an additional revenue stream over and above the already confiscatory monthly subscriptions we all pay to play these games.

What I find highly interesting is the changes to the Planetside EULA that SOE has made. Specifically the differences in section 12, regarding privacy.

I happen to have Planetside installed on two different PC's. One I patched up to the latest version, the other is about 3 months old, as I haven't used that machine to play Planetside more than once. Here is the last paragraph of section 12 from the Old EULA:

You acknowledge that any and all character data is stored and is resident on our servers, and any and all communications that you make within the Game (including, but not limited to, messages solely directed at another player or group of players) traverse through our servers, may or may not be monitored by our personnel, you have no expectation of privacy in any such communications and you expressly consent to monitoring of communications that you send and receive. You acknowledge and agree that we may transfer such information (including, without limitation your personally identifiable information or personal data) to the United States or other countries or may share such information with our licensees and agents in connection with the Game.


This would appear to be primarily directed towards player actions in-game, with the idea of heading off any privacy related complaints and/or legal issues. Notice the last sentence. This appears to be deliberately aimed at giving SOE the right to do pretty much whatever they want with our billing information. This is more than a bit disturbing, and this is the old EULA! Here is the same paragraph from the New EULA:

You acknowledge that any and all character data is stored and is resident on our servers, and any and all communications that you make within the Game (including, but not limited to, messages solely directed at another player or group of players) traverse through our servers, may or may not be monitored by our personnel, you have no expectation of privacy in any such communications and you expressly consent to monitoring of communications that you send and receive. You acknowledge and agree that we may transfer such information (including, without limitation your personally identifiable information or personal data) to the United States or other countries or may share such information with our licensees and agents in connection with the Game. PlanetSide may incorporate third party ad serving technology from suppliers such as Massive Incorporated (“Massive”). This technology, if used by SOE and provided to you, enables certain advertising to be temporarily uploaded to your PC or console and replaced in-game while connected online. As part of that process, no personally identifiable information about you is collected and only select non-personally identifiable information (such as IP address) is temporarily logged. No logged information is used by Massive to determine any personally identifiable information about you. For full details, see Massive’s privacy policy at http://www.massiveincorporated.com/privacy.htm.


Just for the record, the highlighting is not mine. SOE put that text in bold themselves (although I formatted it in italics). It is interesting that they made sure to bold that particular sentence. It is as if they knew that what they were doing would be offensive to many of their playerbase, and they put that in to head off any complaints. Then of course, there is the inclusion of the new trailing paragraph regarding Massive. Take particular note of the last three sentences regarding personally identifiable information. Interesting that they would take such pains to first state that they can use your personally identifiable information, but then turn right around and state that they won't actually gather that data.

Of course, we already know that to be a lie, due to the inclusion of a unique "gamer Id" in the data returned to Massive at the conclusion of a game session. As I stated before, there is no logical reason to include a unique "gamer Id" unless you intend to collect personally identifiable information! This is Massive's software, they could have written it to not create or need a "gamer Id". But they specifically chose to write this into the software. The only conclusion one can logically draw is that they intend to use this data to personally identify individual gamers within the game.

The lies go deeper. If you bothered to read the Massive "privacy policy" you will note the following lines:

We do not currently utilize cookies and we do not place persistent data or install persistent tracking mechanisms on Gamers' computers.

And yet, they do indeed install persistent tracking mechanisms onto Gamers' computers! You may well wonder what the basis is for this accusation. Upon reading through the research I previously mentioned I began to suspect that something beyond the ad textures had to be added to the game to facilitate data gathering and tracking, as this ability was not likely to have been tracked or gathered before the addition of the Massive "service".

I compared the Planetside directories on my machine that hadn't had Planetside updated in about 3-4 months with the one that was fully up to date. There were 3 specific and obvious differences between the two machines' Planetside directories. One was the inclusion of a new sub-directory named "massive_data". Initial inspection of this directory showed it was empty.

There were also two new DLL files added to the main Planetside Directory. These included "msvcr71.dll", which is nothing more than Microsoft's .Net 1.1 programming library. Obviously something new that needed .Net to function had been added to Planetside. This is where the second DLL file comes in. Named "m4d.dll" this is the dark horse file. Examining this file in Notepad is initially unrevealing, as most of it is in ASCII text, and unreadable. However, about 7/8ths of the way down the file, we run into something more readable:

MMT_SetNetworkCreationFunction@@YAXP6APAVNetDriver@MassiveAdClient@@XZ@Z
MMT_CancelRequest
MMT_DeInitialize
MMT_FlushImpressionCache
MMT_Free
MMT_GetBinaryData
MMT_GetCrex
MMT_GetCurrentCrexForInventoryElement
MMT_GetCurrentTime
MMT_GetID
MMT_GetInventoryElementHandle
MMT_GetName
MMT_GetNextCrexForInventoryElement
MMT_GetSize
MMT_GetStatus
MMT_GetType
MMT_GetVersion
MMT_GetZoneHeaders
MMT_Initialize
MMT_JoinSession
MMT_LeaveSession
MMT_Malloc
MMT_NetUpdate
MMT_SetMemoryAllocators
MMT_ShareSession
MMT_UpdateInventoryElement

Not being a programmer myself, I am admittedly a tad bit in the dark on what everything here means. Judging by the first line though, it would appear to be a series of function calls within the DLL that allow it to operate as the AdClient, or to provide that functionality to other portions of the software that have been embedded into the main Planetside software. Here is what we are after, the actual software that delivers the ads to gamers, and the Gamers' information to Massive.

So, what about not leaving persistent software on Gamers' PCs? This .dll remains after closing down Planetside normally. It is not deleted after the session is closed, or after a reboot. It is, in other words, persistent. This is in direct contradiction to the Massive "Privacy Policy" posted on their website.

It is further interesting to note that Massive attempts to play a type of shell game with their data, as the "massive_data" folder does indeed get used, but only during game play. Minimising Planetside while playing and then navigating to the "massive_data" folder reveals that it is now filled with the DDS (direct X image) files that make up the ads themselves. After closing down Planetside, this directory is emptied. I suspect this serves two functions. The first being the prevention of data buildup by not collecting too many ad images on Gamers' hard drives. The second being the ability to fool the less astute into thinking that indeed the Massive data is being removed from their systems and that the "privacy policy" is being followed.

Obviously we now know that the "privacy policy" is not being followed, and that persistent data is indeed left on our systems. Since we have now been lied to twice regarding the use and function of Massive's software, it is fairly safe to take most if not all of their so-called "privacy policy" with more than a grain of salt.

One question remains. What do we do about it? We cannot alter the software without risking violation of the EULA and cancellation of our accounts. Also, with the built-in update feature Planetside has, even deletion of the offending DLL files may not make a difference. The next time the game is started it will update and the DLLs will simply be replaced.

Gamers in the United States have no legal recourse as Privacy laws regarding collection of private information by corporate entities are ambiguous at best. EU gamers can take heart though, Privacy laws in the EU are very strict, and this type of approach is not likely to fly there.

For those of us in countries where laws have not been updated to force companies to be more responsible, we do indeed have recourse. A simple modification to the Hosts file on your PC can prevent the Massive software from contacting their servers and transmitting any precious personal data. Simply open the Hosts file using Notepad. If you don't know where it is on your PC, just use the Windows search function (Start -> Search) and have it look in hidden and system files for "hosts". Once you have the file open, simply add these lines to your hosts file:

127.0.0.1 madserver.net
127.0.0.1 ad.madserver.net
127.0.0.1 imp.madserver.net
127.0.0.1 media.madserver.net

Add them after the "localhost" line. This "blackholes" the Massive adservers, and when the AdClient attempts to make outbound contact to either those servers or IP's, it gets looped back to the PC itself and the connection dies. Alternately, if you have a router with configurable IP routing, you could also block access to their servers from there.

EDIT: I originally had these three lines also listed in the section above:
127.0.0.1 38.119.38.151
127.0.0.1 38.119.38.152
127.0.0.1 38.119.38.153
But as a sharp reader pointed out, the hosts file is not used when Windows makes a direct IP connection. If you wish to block these IP's, you will have to do it using a software firewall, hardware firewall, or a static routing table in Windows. I don't know how I missed that one, I must be slipping.
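An added example (not from the original post, SOE or Massive): a Python audit of a hosts file's contents against the four hostnames listed above. It reports which names are already blackholed and which are missing, and flags entries like the three IP lines from the EDIT, which can never match because the hosts file is only consulted for name lookups. The function names and the sample file are constructed for illustration.

```python
import ipaddress

# Hostnames the post lists. The hosts file matches names exactly (no
# wildcards), so each subdomain needs its own entry.
MASSIVE_HOSTS = ["madserver.net", "ad.madserver.net",
                 "imp.madserver.net", "media.madserver.net"]
# Addresses this audit treats as "blackholed" (the post uses 127.0.0.1).
SINK_ADDRS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: two of the four names present, plus one IP-literal
# entry of the kind the EDIT describes.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 madserver.net
127.0.0.1 ad.madserver.net   # ad requests
127.0.0.1 38.119.38.151
"""


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def audit_hosts(text, wanted=MASSIVE_HOSTS):
    """Return (blocked, missing, ineffective) for a hosts file's contents."""
    mapped = {}        # hostname -> address the hosts file assigns to it
    ineffective = []   # (line number, token) entries that cannot block anything
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # strip comments, tokenize
        if len(fields) < 2 or not _is_ip(fields[0]):
            continue                            # blank, comment or malformed
        for name in fields[1:]:
            if _is_ip(name):
                # An IP in the name column is never looked up by name, so a
                # direct connection to that address is unaffected.
                ineffective.append((lineno, name))
            else:
                mapped.setdefault(name.lower(), fields[0])
    blocked = [h for h in wanted if mapped.get(h) in SINK_ADDRS]
    missing = [h for h in wanted if h not in blocked]
    return blocked, missing, ineffective


def lines_to_append(text, wanted=MASSIVE_HOSTS):
    """Hosts lines still needed to cover every wanted hostname."""
    _, missing, _ = audit_hosts(text, wanted)
    return ["127.0.0.1 " + h for h in missing]


if __name__ == "__main__":
    blocked, missing, ineffective = audit_hosts(SAMPLE_HOSTS)
    print("blocked:    ", blocked)
    print("missing:    ", missing)
    print("ineffective:", ineffective)
    print("\n".join(lines_to_append(SAMPLE_HOSTS)))
```

Addresses flagged as ineffective need a firewall or routing rule instead, as the EDIT says.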

Not only does this prevent access to their servers, but it also appears to kill the AdClient function altogether, as even replacing the ad files into the "massive_data" folder from copies stored elsewhere on the PC does not return function to the ads after the hosts file has been modified. Instead the poster elements simply display the SOE logo while playing the game.

In conclusion, I would recommend to all players of Planetside, and any other game that uses the Massive technology to immediately employ this blocking strategy and prevent this type of data collection from happening.

It is up to the Gaming Community to stand up together and tell gaming companies that we will not put up with this type of invasive technology being added to our games. Gaming companies need to understand that we have already paid a pretty penny to play their game, and we will not allow ourselves to be leeched off of while receiving nothing but visual annoyance in return. We may be forced to accept the EULA when we start the game, but we do not accept invasion of our privacy and forced advertisements in game.

Friday, August 05, 2005

We Told You So!

Just when I think that things are about to get better around here, it goes from bad to worse.


As many of you know, Erie County is facing a severe budget crisis. If that wasn't bad enough, the Erie County Public Library System is also having to deal with budgetary issues. This is partly due to the financial woes that Erie County is going through, and partly their own fault.


About 7 years ago the Library system's then director Daniel L. Walters hired financial firm Aaron Cohen Associates, Ltd. to create a financial study on the library's current setup and to propose any necessary changes. The study revealed a bloated dinosaur that was on the verge of collapse from its own weight. The Buffalo and Erie County Library system has more branches per capita than nearly any other municipal library system in the United States. Too many branches. Simply put, the study concluded that within 5-10 years the Library system will no longer be able to financially support the current setup without an exceptionally large and highly unlikely infusion of cash from local government.


With that in mind, Aaron Cohen Associates, Ltd. proposed a dramatic and sweeping reform plan that would have closed many of the smaller, older and little used branches in favor of a library 'hub' system. This hub system, informally known as “The Cohen Plan”, would have meant that several new Library buildings would be built at strategic locations around Erie County based on usage statistics from the current libraries. That is to say, towns and neighborhoods that used their current libraries heavily would be far more likely to get a hub nearby than unused libraries. This makes sense. If an area shows that they care little about the presence of a library by not using it, there isn't any reason to waste money giving them a new one right nearby. The Buffalo area has an excellent roads and Public Transportation infrastructure. Those that aren't near libraries could simply drive or take public transportation to the library to use it.


These new Hub Libraries would be bright, clean, modern buildings with full handicapped access. They would be able to hold far larger collections than the smaller libraries are now able to contain and would be able to support a full range of modern conveniences and comforts, along with many more services. All of this, while costing quite a bit to setup, would more than pay for itself 5, 10, 15, 25 years down the road as the costs for maintenance, upkeep and further modernization would be significantly lower than trying to keep the old dinosaur system running.


Now keep in mind, this was 7 years ago. Erie County was doing quite well at the time, and the pressure to make major changes was not there. Most people thought that Erie County was doing alright, all things considered. The Internet Bubble was still in full swing. Even our area, despite generally missing most of the big benefits of that market bubble, was doing ok. So it's not terribly surprising that when the plan was put out for public consideration and hearings, many people in the area, particularly those in the city, reacted with anger and vehemence at the idea of “taking away their libraries”.


Of course, none of those who were speaking out against the plan actually read it, or paid any attention to the implications of leaving the system as it stands. To be honest, most of the Librarians weren't too keen on the idea either. Not that it was a bad plan, it was an excellent plan and one we should have implemented. But the fear of losing their jobs (we would have had to let go of a percentage of the library staff as well) and just normal human entropy kept the librarians who were charged with presenting the plan from putting any kind of effective spin on it. The only ones truly supporting and pushing it were then Library Director Dan Walters and the Board of trustees. Of course, as we all know the plan went down in flames, amid the screaming and shouting of the ignorant and ill-informed.


Fast forward 7 years later. Erie County is in the middle of a budget crisis of epic proportions. Dan Walters has long since quit in disgust at the backward and irresponsible behavior of the local citizens and government. He is now heading up an upscale and revitalized library system in Washington State. Our current Library Director, Michael Mahaney, is a politically connected government insider who is beholden to a small cadre of local politicians (Al Debenedetti in particular). Despite his connections, money to support our aging dinosaur of a library system has nearly run out.


So what are we going to do now? Yep, you got it. CLOSE LIBRARIES. Only now, instead of replacing the libraries with new modern facilities, we will simply be closing buildings and laying off a large percentage of staff. Once again, Liberal politics and short-sighted political gamesmanship have trumped intelligent thought and good planning.


Who gets the shaft? Hardworking, harried and underpaid Librarians and ordinary folks like you and me. If anyone thinks that the politically connected involved here will pay any kind of price, they would be sadly mistaken. I would expect our current library director to either keep his post, or find a nice cushy spot somewhere else in local government. Fortunately, many of the local County politicians involved will likely be gone, having either been voted out of office, or having quit, knowing they have no chance to win an election.


At least one politician, Joel Giambra, is talking about resurrecting the Cohen Plan. He wants to fund the construction of new facilities using Tobacco Settlement monies. Of course, there are many questions about this idea, including the legality of it, and whether there is actually any money left in that fund. But at least it's a start, and shows that there still can be ways to save the library system, if we are willing to listen to good ideas.


My ideas for saving our library system are as follows:



  1. The Cohen plan, or some close derivative of it, needs to be the starting point. Moving our library system from an old outdated model reliant on small community libraries to a new updated model using larger 'hub' style branches with better, larger collections and improved amenities. This should be combined with the most modern systems of book distribution. This way no one branch is lacking for anything, as it can always get what it needs from other branches.

  2. Increasing taxes to try and fund these branches cannot be an option. Our area is already taxed well beyond the point of diminishing returns, as can be seen by the continued flight of the well educated and young from our area.

  3. Honestly, Public hearings should not be held on this. There are still many many people in the area that do not understand the seriousness of the situation that the library system is in. It is likely that there will be another round of protests accompanying any public hearings, turning what should be a serious discussion about the financial solvency of the library system into a 3 ring circus.


In the days since I started writing on this subject, Erie County and the Library's board of Directors have begun moving forward with an attempt to rescue the library system from its financial woes. While it would appear that they too wish to return to the wisdom of the Cohen Plan, they have once again embarked on the foolish venture of having public hearings. As expected, these hearings have become flash points around which the ignorant and politically motivated are gathering and havoc has ensued.


I would strongly advise the Library Board of Directors to reconsider having public hearings and involving local politicians. The Library board needs to make its decision to follow the Cohen Plan outside of local political concerns. If area history teaches us anything, it's that allowing politics to take precedence in financial matters is a mistake that none of us can afford to make.